StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

The Intersection between Security and Risk Management - Report Example

Summary
This paper 'The Intersection between Security and Risk Management' tells that The security industry functions within a multi-disciplines having risk management as an essential domain of knowledge within security. Security has embraced the application of risk management, especially a probabilistic threat approach to gauge risk…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.5% of users find it useful

Extract of sample "The Intersection between Security and Risk Management"

The Intersection between Security and Risk Management Name Institution Date The Intersection between Security and Risk Management Introduction The security industry functions within a multi-disciplines and diverse base, having risk management as an essential domain of knowledge within security. Similar to other management subjects, security has embraced the application and principles of risk management, especially a probabilistic threat approach to gauge risk and help in decision making. This approach has received support from many individuals, who see probabilistic risk as an instrument that generated informed, rational and objective options from which sound decision might be made. Based upon qualitative, semi-qualitative and quantitative evaluation of probability and outcomes of future incidents, probabilistic risk intends to offer security professionals with the computation of such threats. The measurements are then utilized in the formulation of cost-effective resolutions which then shape a future that tries to lessen probable harm, while exploiting on probable opportunities. Nevertheless, several individuals claim that probabilistic risk is not enough to deliver anticipated coherent computations of security risks in an increasingly changing and uncertain environment. It is thus disputed that probabilistic approach is not effective for security, because security risk management takes a more heuristic approach (Brooks, 2011). The concept of security risk management Over the last two decades, risk management concept as a recognized discipline has come forward through the public and private sectors. Risk management is presently a well-founded discipline, having its own domain practitioners, as well as body of knowhow. According to Brooks (2011) nations all over the globe possess their own standards of risk management and in majority of these states, the senior organizational executives have the obligation of making sure that suitable practices of risk management match the external and interior compliance requirements. However, majority of these compliance requirements and standards only take into consideration risk management, and does not consider a security risk management. Safety or security risk management might be regarded as distinctive from other types of risk management because majority of the more common risk models do not have the essential key concept for efficient design, alleviation, and application of security threats (Aven, 2008). Generally, security might be regarded guaranteed liberty from want or poverty, safety measures taken to prevent theft or intelligence Green and Fischer (2012) note that security means a stable, comparatively predictable atmosphere whereby a group or an individual might pursue their activities in the absence of harm or interruption and with lack of fear of injury or disturbance. Areas of security practices might be regarded civic security, national security or private security, but merging of these fields are increasing within the present political and social environment. The development of security risk management The exposure of the world to rebel attacks has increased societal concern over the capability of state and national governments to protect their citizens. These attacks and other security issues have increased both global and national need for defense that can efficiently safeguard the nationals at a rational cost, attained to some extent via the utilization of security risk management. Security is usually considered in a private, organizational or commercial context for the safeguarding of assets, information, and people. Disrupting and preventing terrorist attacks, safeguarding citizens, vital infrastructure, and major resources, as well responding to incidents are key components in ensuring the safety of a nation. To be able to keep a country, it is the responsibility of all security stakeholders to strengthen the systems, structures, institutions and principles that are concern with security ASIS International, 2009). The management and assessment of risk lie beneath the full range of a nation’s security activities, entailing decisions on how, when and where to put in resources that control, mitigate or eliminate risks. In the visage of diverse and multiple catastrophic probabilities, it is at acceptable that risk which is a function of vulnerabilities, consequences, and threats. Risk-based frameworks must be applied in all security efforts so as to recognize and evaluate probable threats, entailing their downstream impacts, establish the acceptable levels of relative risk, prioritize and allocate resources among both private and public security partners, to prevent, respond to, respond to and recover from all form of events (Manunta, 2011). Security risk management approaches There are several security risk management and risk management frameworks utilized within the security industry. Nowadays, all portions of a company utilize threat management to a certain level and security is not any different. International standards like ISO 31000:2009 is possibly the benchmark, but the identified perspective of this framework is presently being assesses by an international survey, utilizing several diverse groups. In addition, the safety utilization of ISO 31000:2009 might be defected, because it disregards to raise and to incorporate certain safety concepts of risk like criticality, threat and vulnerability, unlike the HB 167:2006 safety risk management standard that integrates these security concepts into an incorporated framework (Dali, 2011). ISO 31000:2009 risk management was published in 1992 is regarded an almost international standard and is internationally recognized as excellent practice on addressing risk. This framework has been used in several countries such as United States, Canada, Japan, Spain and Korea. This standard is broadly utilized by security practitioners in Australia. Several industries utilize this risk management framework, and it possesses wide applications across finance, governance, project management, engineering, environmental protection, security and life safety (Standards Australia, 2009). Standards Australia is the key standards organization and has the responsibility of offering general governance and oversight of Standards in Australia. The organization focuses on four major areas which include international and national coordination, design assessment, accreditation of other bodies to develop standards and creation and update of frameworks or standards (Standards Australia, 2011). Australian Standards are published documents that set out procedures and specifications designed at ensuring systems, services and products are reliable, safe and perform consistently. This approach makes sure that a universal language is attained in an industry, driven by progressive portions of industry, community expectations and legislation. According to Standards Australia (2009), ISO 31000:2009 risk management offers a standard or framework for management of risk, staring with the establishment of context, the setting of the scope and identification of stakeholders. The next step involves assessment of risks, integration of risk recognition, analysis, and valuation. The last step entails treatment of risks. Simultaneously with risk assessment phases, there is the monitoring and reviewing of the process, as well as consultation of the stakeholders. The major limitation of ISO 31000:2009 risk management framework is that it fails to consider safety risk concepts like criticality, threat and vulnerability, which are significant in security risk management. Nevertheless, this limitation was dealt with by Standards Australia through the development of a precise security threat management book called Handbook HB167:2006 security risk management. According to Standards Australia (2011), this handbook offers a way of having a better comprehension nature of safety threats. For instance, the handbook puts into consideration concepts of security risks such as vulnerability, criticality and threat, which are unique and important in the risk management domain. Within Standards Australia, there exists other specific risk related frameworks covering fields like management of business continuity and health. ISO28000 supply chain security management tries to minimize risk to cargo and individuals in the supply chain. The framework tackles probable security matters at every phase of the supply procedure, therefore targeting risks like fraud, piracy and terrorism. This standard spells out the requisites for the security management scheme to enhance safety within supply chain. The NFPA 1250 practice in emergency service organization risk management establishes criteria for the development, evaluation or implementation of emergency service organizations threat management program for efficient risk recognition, financing and control of fire organizations and departments. This standard integrates frameworks that fire authorities can implement and utilize as a model of ensuring compliance in the broad jurisdiction of threat management as well as contingency planning (Standards Australia, 2010). According to Talbot and Jakeman (2012), the necessity to raise safety risk management knowhow was demonstrated via Australia government supported program with RMIA leading to SRMBOK guide for security practitioners. This guide tries to solve safety risk management aspects like a framework for vital knowhow, competency as well as practice fields which academics, students, managers and practitioners can employ in recruiting, training, educating and measuring performance. However, SRMBOK fails to offer clear recognition of the numerous elements and their relationships that could be regarded as safety risk management. The use of psychometric safety risk management concept map to inform understanding of safety risk management The psychometric security risk management concept map can be used to offer a better understanding of security risk management. A concept map is a depiction of a situation. Individuals might be able to better comprehend the world around them through creating a model map of an idea, a situation or principle. A concept map is a thinking instrument that is utilized to explore diverse features of a theme. A concept map is usually imaged, vibrant and result based simulation that is utilized in daily life to think about and understand the globe. A concept map allows an individual to share an idea with others, have shared knowhow, offers a universal language, and guides one’s actions (Brooks, 2009). McGill et al (2010) note that a concept map shows that threat is closely related to both culture and perception. This relationship takes into consideration that to a certain extent, the background of an organization defines the perception level to menace based upon cultural acceptability. This means that culture and perception notify the degree of threat that a society, organization, individual or community is ready to accept. The component of threat is perhaps the vaguest element of safety risk problem because it needs subjective presumptions to predict the aims of probable adversaries. If menace is highly uncertain, then its cultural and perception drivers further makes the issue complex (McGill et al, 2010). According to Brooks (2009), security does not have a clear definition and it is yet a distinctive field of study and practice. Security threat management is a distinctive knowhow group of security. However, security industry is a sundry and a unique industry that requires both domain-specific and generic skills. As proposed by ISO31000:2009, risk management has been the principal practical approach for the security practitioners. As suggested by Standards Australia in the handbook of safety risk management, the security risk management field is swiftly changing and thus the handbook can’t be able to cover every aspects as well as variant approaches. The safety risk management concept map clearly displays that menace is a vital factor during consideration of security risk (Bier, 2010). Nevertheless ISO31000:2009 does not offer the threat concept as well as other security connected concepts like criticality and vulnerability, although this standard is still the principal resource for the security practitioners during their consideration and application of safety risk management (Dali, 2011). Majority of organizational safety courses have been created from related subjects such as criminology, or justice studies although these disciplines must be discrete and separate from security. At tertiary level, there is no academic safety program, with most of courses being focused on crime prevention, risk management or criminal justice. This deformation of organizational safety discipline will subsequently lead to safety research that isn’t essential for the present day security industry. However, According to Smith (2009), security knowhow is been created although there has been development of suitable domain concepts. This view is supported by Simonsen (2011) who argues that security threat management is a knowhow category that is central to corporate safety discipline. A safety threat management concept map offers a level of particular safety body of knowhow. Understanding the threat and security threat management concepts that security practitioners put into consideration when evaluating security threat, the way these concepts are relate and incorporate , and the manner in which security practitioners consider these thoughts all promote understanding. Conclusion Risk management and security risk management have flourished over the last two decades and are being used to offer informed and robust mitigation strategies in safeguarding people and assets. Nevertheless, majority of risk management standards offer a process or framework that has a probabilistic approach to management of risk, possibly not entirely appropriate for security. There are numerous approaches to security and risk management, like ISO 31000:2009 risk management, HB167:2006 and RMIA SRMBOK. However, these processes or standards do not essentially offer a detailed understanding to safety risk management. These basic risk management standards are short of central risk management concepts like vulnerability, threat and criticality. References Brooks, J. (2011). Security risk management: A psychometric map of expert knowledge structure. International Journal of Risk Management, 13(1/2), 17–41. Aven, T. (2008). Risk analysis: Assessing uncertainties beyond expected values and probabilities. West Sussex: John Wiley & Sons Inc. Standards Australia. (2011). HB 167:2006 Security risk management. Sydney: Standards Australia International Ltd. Standards Australia. (2009). AS/NZS ISO31000:2009 Risk management - Principles and guidelines. Sydney: Standards Australia International Ltd. Talbot, J., & Jakeman, M. (2012). SRMBOK: security risk management body of knowledge. Carlton South: Risk Management Institution of Australasia Ltd. Bier, M. (2010). Challenges to the acceptance of probabilistic risk analysis. Risk Analysis, 19(4), 703-710. Garlick, A. (2007). Estimating risk: a management approach. Aldershot: Gower Publishing Company Smith, L. (2009) Security science: An emerging applied science. Journal of the Science Teachers Association of Western Australia 37 (2): 8–10. Green, G., & Fischer, J. (2012). Introduction to Security. Boston, MA: Butterworth Heinemann. Brooks, J. (2009). Key Concepts in Security Risk Management: A Psychometric Concept Map Approach to Understanding. Saarbrucken, Germany: VDM Verlag. Simonsen, C.E. (2011). The case for: Security management is a profession. International Journal of Risk, Security and Crime Prevention 1 (3): 229–232. ASIS International. (2009). Security body of knowledge (BoK): substantive considerations. ASIS InternationalAcademic/Practitioner Symposium 2009, ASIS International. McGill, L., Ayyub, M., & Kaminsky, M. (2010) Risk analysis for critical asset protection. Risk Analysis 27 (5): 1265–1281. Standards Australia. (2010). Imagine a world without standards. Brochure. Homebush. Dali, A. (2011). Global survey on ISO 31000 risk management standard Retrieved March, 24,2015, fromhttp://www.linkedin.com/groups?mostPopular=&gid=1834592 Manunta, G. (2011). Risk and security: Are they compatible concepts? Security Journal, 15(2), 43-55. Read More

CHECK THESE SAMPLES OF The Intersection between Security and Risk Management

Discuss how security requirements can be linked to business requirements

The management of Information Security Risks and to implement various methodologies to mitigate the security risks is a growing challenge in the filed of Information technology.... ecurity management and ResponsibilitiesData OwnerEach Line Department of the company, with its own computing facilities will appoint a senior member of the staff as Data Owner.... anagement ResponsibilitiesThe management plays the most important part in building a successful...
15 Pages (3750 words) Essay

Security Architecture & Design models

The author states that securing an information system requires that security architecture be created by the management of the information system.... Coming up with the best security architecture requires the management of an organization to perform a risk assessment and management process in order to come up with the best security model to secure the system.... The management the is aiming to ensure information security should consider the following types of security architecture models....
5 Pages (1250 words) Assignment

The Importance of Machine to Machine Interaction

The M2M device management provides a platform, which enables people to profit from this growth and also supports the new technology and devices that emerge in the marketplace.... This report also considers the current conditions of the emerging environment that is brought as a result of the emerging risk.... It also suggests that M2M interactions have led to some important advancement in technology, but it has also created several risks and security challenges....
5 Pages (1250 words) Case Study

Similarities and Differences between Security Risk Management

The paper "Similarities and Differences between Security risk management" states that the outcome of both assessments provides recommendations that maximize the protection of confidentiality, integrity and availability while providing usability and functionality.... Security has embraced the principles and application of risk management, for instance, a probabilistic risk approach to measure risk and aid decision making (Talbot & Jakeman, 2008).... Assets must be safeguarded according to the baseline security requirements and continuous risk management....
10 Pages (2500 words) Coursework

The Integration of Risk Management

The paper 'The Integration of risk management' presents the main security objective of organizations that is to protect the organization's assets especially the information asset.... The integration of the risk management approach in organizations holds huge potential when it comes to transforming organizations, enabling agility as well as adapting to new technologies.... This has resulted in integrating the risk management approach which entails three main stages: classification of information, risk assessment, and analysis of risk....
8 Pages (2000 words) Essay

Security Threat and Risk Assessment

everal researchers have attempted to define security threat and risk assessment; nonetheless, it is the interactive relationship of the two components that combine to establish the initial evaluation and recommends the action plan for the risk management.... The paper "Security Threat and risk Assessment" is an excellent example of an essay on management.... The paper "Security Threat and risk Assessment" is an excellent example of an essay on management....
6 Pages (1500 words) Essay

Security Threat and Security Risk

As outlined by the AS/NZS HB167:2006 Security risk management standards, security risks are considered as a threat.... onducting a threat assessment is integral in the risk management process because if assists in the identification of threats to assets, information and people while determining the probability and the impact of the occurrence of the threat (Standards Australia, 2006).... HB167:2006 Security risk management framework A key similarity between the security threat assessment and security risk assessment procedures is that both conduct vulnerability assessment....
6 Pages (1500 words) Term Paper

Security Risk Management

The study will elaborate mainly focus on the issues related to security and risk management but first, the research will define the meaning of the terms risk and how the issues of risks can be managed in any given organization or society.... The study will elaborate mainly focus on the issues related to security and risk management but first, the research will define the meaning of the terms risk and how the issues of risks can be managed in any given organization or society....
16 Pages (4000 words) Literature review
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us